http://www.mandriva.com/en/
______________________________
Package : python-django
Date : September 5, 2014
Affected: Business Server 1.0
______________________________
Problem Description:
Updated python-django packages fix security vulnerabilities:
These releases address an issue with reverse() generating external
URLs (CVE-2014-0480); a denial of service involving file uploads
(CVE-2014-0481); a potential session hijacking issue in the remote-user
middleware (CVE-2014-0482); and a data leak in the administrative
interface (CVE-2014-0483).
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://advisories.mageia.org/
______________________________
______________
Updated Packages:
Mandriva Business Server 1/X86_64:
0eca221813ab4acfb3380c7fe0f065
5ca7306fe70ffad78a2eb6cb890840
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Komentarų nėra:
Rašyti komentarą